Apache CXF 2.6.7 Release Notes 1. Overview The 2.6.x versions of Apache CXF are significant new versions of CXF that provides several new features and enhancements. New features include: * The big OSGi bundle used in the Karaf features.xml has been replaced with the individual modules which are now all individual bundles. The big OSGi bundle is still built, but some features may not be available if that is used instead of the little bundles. * New ability to configure HTTP Conduits from the OSGi config:admin service * New ability to configure the CXF created HTTP Jetty ports from config:admin service * OAuth 2 support (new cxf-rt-rs-security-oauth2 module) * The STS now supports the Renewal binding for SAML tokens. * The STS also supports bulk issuing/validation/cancelling/renewal of security tokens. * The STS supports some advanced features based around Claims, such as Claims Transformation, and pluggable custom Claims Parsing. * The WS-Security module now supports replay detection by default of Timestamps and UsernameToken nonces. * New ability to register custom JAX-RS Context providers. * New @UseAsyncMethod annotation for JAX-WS services. Users are encourage to review the migration guide at: http://cxf.apache.org/docs/26-migration-guide.html for further information and requirements for upgrading to 2.6.x. In particular, making the jars all OSGi bundles required moving some packages around and marking many transitive dependencies as optional. User applications may need to add additional dependencies into their applications in order to upgrade. 2.6.7 fixes over 58 JIRA issues reported by users and the community. 2. Installation Prerequisites Before installing Apache CXF, make sure the following products, with the specified versions, are installed on your system: * Java 5 Development Kit * Apache Maven 2.2.1 or 3.x to build the samples 3. Integrating CXF Into You Application If you use Maven to build your application, you need merely add appropriate dependencies. See the pom.xml files in the samples. If you don't use Maven, you'll need to add one or more jars to your classpath. The file lib/WHICH_JARS should help you decide which jars you need. 4. Building the Samples Building the samples included in the binary distribution is easy. Change to the samples directory and follow the build instructions in the README.txt file included with each sample. 5. Reporting Problems If you have any problems or want to send feedback of any kind, please e-mail the CXF dev list, dev@cxf.apache.org. You can also file issues in JIRA at: http://issues.apache.org/jira/browse/CXF 6. Migration notes: See the migration guide at: http://cxf.apache.org/docs/26-migration-guide.html for caveats when upgrading from CXF 2.5.x to 2.6.x. 7. Specific issues, features, and improvements fixed in this version ** Bug * [CXF-4019] - wsdl2js creates code which when run causes error: 'returnObject' is undefined * [CXF-4789] - EndorsingSupportingTokens do not respect ProtectTokens assertion from paired binding policy * [CXF-4790] - Set lang and subcode for soapfault * [CXF-4794] - Soap 1.1 service returns an invalid soap fault for soap 1.2 requests * [CXF-4795] - Memory leaks in CXF with spring while using WebClient APIs * [CXF-4796] - Accessing Conduit in JAX-RS ClientConfiguration causes NPE if failover is enabled * [CXF-4803] - NPE is thrown while enabling fine log level in TrustDecisionUtil if MessageTrustDecider from message context is used * [CXF-4806] - When using Spring, cannot set Jetty engine connector to an instance of SslSelectChannelConnector * [CXF-4812] - NPE on MessageModeInInterceptor when sending empty SOAPBody * [CXF-4814] - Support multiple AlgorithmSuite policy alternatives * [CXF-4815] - Invalid login creds will send many requests to server * [CXF-4818] - The body and header appears in reverse order for outbound soap message * [CXF-4819] - CXF validates soapHeaders and barfs on mustUnderstand attributes * [CXF-4820] - wsdl2js throws Exception * [CXF-4823] - CXF - Rampart interoperability issue: order of signature and encrypted key elements in XML * [CXF-4833] - IndexOutOfBoundException when printing stacktrace for ToolException * [CXF-4838] - Server-side endpoint may throw an NPE when a request message arrives while the endpoint is being stopped but not yet stopped * [CXF-4841] - STSClient AppliesTo is not working correctly in certain circumstances * [CXF-4842] - Support Claims defined in Security Policy at IssuedToken/Claims * [CXF-4846] - A confusing exception may be thrown from HTTPConduit when oneway call results in HTTP 500 response * [CXF-4847] - Data types not correctly published in WSDL from Exception classes * [CXF-4848] - WebClient does not process GenericEntity correctly * [CXF-4856] - A java.lang.NullPointerException is thrown when publishedEndpointUrl is used * [CXF-4859] - Incorrect msg of COULD_NOT_SET_WRAPPER_STYLE in cxf-rt-core/src/main/org/apache/cxf/service/factory/Messages.properties * [CXF-4860] - Request.Inpustream Lost * [CXF-4861] - Encoding issue jax-rs - UriBuilder * [CXF-4863] - TerminateSequenceResponse must be returned in reponse to WS-RM 1.1 TerminateSequence * [CXF-4864] - DestinationSequence doesn't pick up right number when it deliverying the message InOrder * [CXF-4870] - osgi field is always false when creating a SpringBus via SpringBusFactory in OSGI ENV * [CXF-4873] - javax.management.RuntimeOperationsException when register performance mbean using cxf webclient with an operation's uri containing some query params * [CXF-4874] - Data types for Fields not correctly published in WSDL from Exception classes * [CXF-4875] - NPE resolving policy reference * [CXF-4876] - CXF RespectBinding feature does not support the customized binding info under operation and its sub element. * [CXF-4877] - CXF will throw javax.wsdl.WSDLException: WSDLException: faultCode=OTHER_ERROR: Can't find prefix if the SEI has Action annotation * [CXF-4879] - Error when http.proxy* system properties are empty * [CXF-4888] - OAuthClientUtils ignore argument on getAccessToken() * [CXF-4890] - issues with spring context override properties * [CXF-4895] - Changing TLS information after first call doesn't affect anything * [CXF-4901] - OnlySignEntireHeadersAndBody property validation doesn't check if a SOAP Body child was signed * [CXF-4902] - SamlTokenInterceptor doesn't validate version of received token against the policy * [CXF-4904] - Incorrect validation of Layout LaxTimestampFirst + LaxTimestampLast * [CXF-4906] - Http Headers should ignore the case for "User-Agent" * [CXF-4909] - wadl2java: NPE in SourceGenerator when generating method with "plain" style parameter * [CXF-4912] - cxf rest client always picks the first ResponseExceptionMapper for a method with different exception throws * [CXF-4918] - Cannot get xsd schema file when access wsdl file as "?wsdl" with auto redirect turned on * [CXF-4920] - TransformationInInterceptor fails when XML contains same namespace with different prefixes * [CXF-4922] - NPE is thrown at EP creation when no service class is specified and the wsdl cannot be loaded * [CXF-4932] - Illegal method arguments generated by Wadl2Java ** Improvement * [CXF-4829] - Add OperationInfo based authorization interceptor * [CXF-4839] - WSDL parser error not logged * [CXF-4840] - add more optional Import-Package for cxf-rt-transports-http module * [CXF-4843] - STSClient always uses "old" WS-Policy namespace for AppliesTo * [CXF-4915] - JAX-RS HttpHeaders implementations creates too many maps * [CXF-4926] - remove org.apache.activemq.activemq-core as Require-Bundle from wsn-core module ** New Feature * [CXF-4791] - Passing arguments to JAXB compiler from WADL2Java ** Task * [CXF-4865] - Upgrade to wsdl4j-1.6.3 * [CXF-4871] - Add -clientjar flag to wsd2java tool * [CXF-4880] - Incorrect enforcement of X509Token PKI policies * [CXF-4883] - OAuth2 RedirectionBasedService needs to do only a strict comparison of redirect URI